CVE-2026-50742
⚪ For information
An XSS in Revive Adserver allows attacks on administrators through improper escaping.
CVSS
5.4
EPSS
0.1%
Exploit
none
Vendor
revive-adserver
Source description (NVD)
A stored XSS vulnerability exists in the `maintenance-acl-check.php` and `maintenance-banners-check.php` tools of Revive Adserver 6.0.7. The issue was caused by entity names being displayed without proper escaping when inconsistencies were detected. Whether the XSS payload is executed when an administrator uses the affected maintenance tools is not entirely under the attacker's control.
xss
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 5.4 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (exploit probability) | 0.1% |
| Published (NVD) | 2026-06-26 02:16:53 UTC |
| Last modified (NVD) | 2026-06-29 20:20:29 UTC |
References
- https://hackerone.com/reports/3781311 (support@hackerone.com) [Issue Tracking, Third Party Advisory]